Cyber Security Conference – cyph3r

As a cyber security guy I always start the year looking at what security conference are coming up in the next 12 months, just so I can plan my itinerary. You always get the SANS events which are always good quality, especially their training sessions, although they can be a tad expensive.

You also get the specialist events, those focused on encryption, those focused on regional forums and more recently those focused on Crypto-currencies like BitCoin or DodgeCoin, which, if you are interested in those fields that’s great, but not of an interest to the general cyber security community.

My go to events over the last few years have been the big hacking events, BlackHat and DefCon, which let’s be honest you can’t argue with, quality events. I normally do both events in Las Vegas, they are held around the same time, but much prefer DefCon and at a couple hundred bucks is true value for money.

In my research for this years events a new one has popped up on my radar, cyph3r – Hack to protect. This one piqued my interest based on its title, implying an approach of red teaming your organisation for better security. The event is held over four days, with the first two in a boot camp training format, followed by two days of knowledge sharing and discussions. Pretty standard stuff. But across the four days they are also doing the Offsec Playground.

This sounds intriguing, billed as a “cyber security virtual lab that enables you to sharpen your offensive security skills” it allows the gamification of cyber security hacking. You get to hack the virtual environment, hand held by some experts as you step through an attack. This should lead to you innovating the attacks, make you think like the bad guy and thereby understand what some one who has breached your environment is going to do. Once you manage to get your foothold in the target network, what do you do? Essentially you are blind, you need to look around, what tools are you going to use to discover and map the target environment? With this knowledge you can then implement strategies to detect hackers within your network.

Having worked for various vendors over the last two decades, one thing I know with a certainty is that organisations struggle with detecting when the bad guys are in their network. They could could implement cutting edge technology like LogRhythm, or Tanium, but if they don’t know how to use those tools to look for specific activity of the bad guys, they lose a significant portion of their value, not the tools fault, but they get the negative press.

With the Offsec Playground cyph3r is attempting to close that knowledge gap, make those expensive tools organisations invest in useful, and that must be applauded. The only sticking point, “No wannabe’s this is the real thing to even get access to the Virtual Labs you will have to perform a simple hack to acquire the credentials for access”, so that probably rules me out then!